Confidentiality and data security

In this article, I'll describe some of the practices that I take to assure the confidentiality and data security of the clients that hire my services. I believe it's important to expose these measures for awareness of the procedures adopted by me. Transparency is a part of professionalism.

These measures are divided into three core fundamental procedures: handling and ownership of content/files; productivity solutions; work computer and mobile phone; networking; handling of project meta-data and client info; password practices; and ethics.

 

Handling and ownership of content/files

 

• Safeguarding of content: I take care to prevent confidential project files and content from being accessed by unauthorized parties.
• No discussion: I do not discuss confidential project content with unauthorized parties.
• File deletion: I delete project files upon completion of work, or am willing to do so upon request.
• No paper copies: I do not create paper copies of project content.
• Encrypted file storage: I understand how to, and am willing to agree to, store files only in encrypted form.
• Password-protected folders: I understand how to, and am willing to agree to, password-protect file folders.
• Encrypted file transfer: I understand how to, and am willing to agree to, send and receive project files in an encrypted format.
• Dedicated project folder: I am willing to agree to keep separate file folders for separate clients.
• No cloud storage: I am willing to agree to store content only locally on my own machine(s), i.e., not in "the cloud".
• No unauthorized sampling: I use samples from completed translations (in portfolios, or otherwise to market my services) only with client permission.
• Confidential collaboration: I do not disclose confidential information when obtaining assistance from fellow translators on term selection;
• No ownership claims: I am willing to agree that completed translations are the property of the client or client's client, and waive any personal rights thereof.
• Reference material confidential: I consider reference materials to be confidential; I do not share such materials, and would not use them on other clients’ projects, without permission.

Productivity solutions

 

• Confidential TM/MT: I am willing upon request to agree not to use content from projects worked on for one client, to add to translation memories, or to train MT systems that are used with other clients;
• No cloud MT/TM/etc.: I am willing to agree upon request not to use any cloud-based translation memory, machine translation, optical character recognition (OCR), or other such cloud-based services that involve the disclosure of content to third-party systems.
• No TM/MT sharing: I am willing to agree not to share a given client's TMs and MT training data with other professionals.
• Work on server: I am willing to agree to perform work remotely on tools/applications/portals controlled by the client.

Work computer and mobile phone

 

• Locked computer: My work computer is password protected;
• Sole user: I am the only person who uses my computer;
• Antivirus: My computer has up-to-date, licensed antivirus software;
• File scanning: All incoming/outgoing files are scanned for viruses and malware;
• OS updates: Updates to my operating system are auto-installed;
• Software updates: I have a tool that checks for updates to all of the software on my computer;
• Private screen: My computer's screen is not visible through a window;
• Locked phone: My mobile phone is pin and thumbprint protected;
• No pirating: I do not use pirated software.

Networking

 

• Password-protected network: My home office's network is password protected;
• Firewall: My home office's network is protected by a firewall;
• Offline work: I am willing to work from home, offline only, if required;
• VPN: I understand how to, and am willing to agree to, use an encrypted VPN for file transfers.

Handling of project meta-data and client info

 

• Non-disclosure of clients: I do not disclose my clients' identities or contact information, or the identities or contact information of their clients or vendors, without first obtaining permission to do so;
• Non-disclosure of processes, rates: I do not discuss my clients' internal processes, tools, rates of payment, or other such information, without first obtaining permission to do so;
• Private correspondence: I consider communications with clients to be confidential and do not disclose emails or other such correspondence;
• Secure record-keeping: My customer list(s), invoices, and other such records are secured.

Password practices

 

• Password management: I have a professional approach to passwords that involve (1) strong/long passwords; (2) different passwords for different sites/services; and (3) periodic password rotation;
• Two-step verification: I use two-step verification procedures whenever possible.

Ethics

 

• Conflict of interest: If I experience a conflict of interest, or recognize the possibility of that perception, I will immediately discuss that with my client;
• No privileged actions: It is my policy not to take any actions (ex. buying stock) as a result of having gained access to confidential information;
• Illegal activities: If I became aware of any illegal activity, it is my policy to immediately report that to the relevant authorities, and to my client if appropriate;
• Disclosure reporting: If confidential information were ever inadvertently disclosed, I would notify my client immediately.

 

In sum, these are the procedures that I adopt during translations. Note that these procedures were inspired by ProZ security program. ProZ, check the website for more information. As to the privacy policy for this website, check this post. If you have any suggestions that could improve these safety measures, or if you have any comments on them, please leave a comment below. If you want to hire my services, please send an email or fill out the contact form.